Weekend Reads 052022
The steepening trajectory towards event-driven and real-time API architecture is imminent.
Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world’s biggest Continue reading
Top No-Pain Perks You Can Use to Retain IT Staff
A handful of painless incentives can help minimize team turnover and production disruption.Video: Typical Kubernetes Inter-Pod Traffic Walk
Stuart Charlton did his best to explain the concept of pods in the Kubernetes Networking Deep Dive webinar, but we were still a bit confused. Next step: let’s talk about typical inter-pod traffic scenario.
Parts of Kubernetes Networking Deep Dive webinar (including this video) are available with Free ipSpace.net Subscription.
Wendy Komadina: No one excited me more than Cloudflare, so I joined.
I joined Cloudflare in March to lead Partnerships & Alliances for Asia Pacific, Japan, and China (APJC). In the last month I’ve been asked many times: “Why Cloudflare?” I’ll be honest, I’ve had opportunities to join other technology companies, but no other organization excited me more than Cloudflare. So I jumped. And I couldn’t be more thrilled for the opportunity to build a strong partner ecosystem for APJC.
When I considered joining Cloudflare, I recall consistently reading the message around “Helping to Build a Better Internet”. At first those words didn’t connect with me, but they sounded like an important mission.
I did my research and read analyst reports to learn about Cloudflare's market position, and then it dawned on me, Cloudflare is leading a transformation. Taking traditional on-premise networking and security hardware and building a transformational cloud-based solution, so customers don’t need to worry about which company supplied their kit. I was excited to learn that Cloudflare customers can simply access the vast global network that has been designed to make everything that customers connect to on the Internet secure, private, fast, and reliable. So hasn’t this been done before? For compute and storage that transformation is almost Continue reading
Is Sensing the Next Killer App for Wi-Fi?
Wi-Fi Sensing technology can sense the disruption of the signal and use the information to determine the size, speed, and location of the disruption.Monitoring our monitoring: how we validate our Prometheus alert rules
Background
We use Prometheus as our core monitoring system. We’ve been heavy Prometheus users since 2017 when we migrated off our previous monitoring system which used a customized Nagios setup. Despite growing our infrastructure a lot, adding tons of new products and learning some hard lessons about operating Prometheus at scale, our original architecture of Prometheus (see Monitoring Cloudflare's Planet-Scale Edge Network with Prometheus for an in depth walk through) remains virtually unchanged, proving that Prometheus is a solid foundation for building observability into your services.
One of the key responsibilities of Prometheus is to alert us when something goes wrong and in this blog post we’ll talk about how we make those alerts more reliable - and we’ll introduce an open source tool we’ve developed to help us with that, and share how you can use it too. If you’re not familiar with Prometheus you might want to start by watching this video to better understand the topic we’ll be covering here.
Prometheus works by collecting metrics from our services and storing those metrics inside its database, called TSDB. We can then query these metrics using Prometheus query language called PromQL using ad-hoc queries (for example to power Grafana Continue reading
Mitigating controls for cloud-native applications: Why you need them and how Calico Cloud can help
Fixing vulnerabilities can be hard—especially so for cloud-native applications. Let’s take a deeper look at why this is, and how mitigating controls can help secure your cloud-native applications.
Vulnerabilities are like earthquakes—its best to be prepared
The trials and tribulations of Log4j are now safely in our rearview mirror. Most of us responsible for operating a container platform like Kubernetes have navigated through the remediation efforts and disaster has been averted.
But it was a wake-up call for many, and at the very least a healthy reminder for all of us. There have been many infamous vulnerabilities before Log4j, and much like living in an area of the world where earthquakes can strike at any moment, much can be learned from the big ones that came before.
When Heartbleed was publicly disclosed in 2014 it sent shockwaves around the world. It was a critical vulnerability in the ubiquitous OpenSSL library—a cryptographic software library that is used to implement the Transport Layer Security (TLS) protocol. Most of the web relies on TLS to secure communication between clients and servers, and the vulnerability came about through a simple bug that resulted in improper input validation for heartbeats.
The bug existed in OpenSSL Continue reading
Eurovision 2022, the Internet effect version
There’s only one song contest that is more than six decades old and not only presents many new songs (ABBA, Celine Dion, Julio Iglesias and Domenico Modugno shined there), but also has a global stage that involves 40 countries — performers represent those countries and the public votes. The 66th edition of the Eurovision Song Contest, in Turin, Italy, had two semi-finals (May 10 and 12) and a final (May 14), all of them with highlights, including Ukraine’s victory. The Internet was impacted in more than one way, from whole countries to the fan and official broadcasters sites, but also video platforms.
On our Eurovision dedicated page, it was possible to see the level of Internet traffic in the 40 participant countries, and we tweeted some highlights during the final.
#Ukraine just won the #Eurovision in Turin, #Italy
— Cloudflare Radar (@CloudflareRadar) May 14, 2022
Video platforms DNS traffic in Ukraine today, during the event, was 22% higher at 23:00 CEST compared to the previous Saturday. The @Eurovision final is being transmitted live via YouTube.
— @Cloudflare data. pic.twitter.com/juBmtDj1FP
First, some technicalities. The baseline for the values we use in the following charts Continue reading
NSX-T 3.2.1: Rolling Upgrade for NSX Management Plane
VMware NSX 3.2.1 continues to deliver enhancements for improving the VMware NSX upgrade process, including rolling upgrades that shorten upgrade maintenance windows and improved visibility into the NSX upgrade progress.
During the upgrade, the management plane will always be available, normal operation, ie, API calls, configuration changes, adding and removing Transport Nodes can be performed. If there’s an issue that occurred during the upgrade, users can roll back to the previous release without deploying a new NSX cluster and restoring the backup. The rolling upgrade feature applies to only the NSX Manager upgrade portion of the upgrade. In other words, the sequence of the NSX components upgrade remains in the following order: NSX Upgrade Coordinator upgrade, NSX Edge upgrade, Host upgrade, then the NSX Manager upgrade.
How Rolling Upgrade works
Prior to NSX 3.2.1 release, we upgrade all the manager nodes in the management cluster simultaneously. The advantage of the parallel upgrade is that it takes less time to upgrade the management plane. The tradeoff is that the management plane will not be available for a period during the upgrade process. With the rolling upgrade, the manager nodes will be upgraded sequentially. During the management upgrade Continue reading